diff -r 06a04b3b2dda -r d7109c6e721d hws/hw05.tex --- a/hws/hw05.tex Thu Oct 30 01:17:51 2014 +0000 +++ b/hws/hw05.tex Mon Nov 03 03:22:41 2014 +0000 @@ -1,26 +1,51 @@ \documentclass{article} -\usepackage{charter} -\usepackage{hyperref} -\usepackage{amssymb} +\usepackage{../style} \begin{document} \section*{Homework 5} \begin{enumerate} +\item What can attacker that controls the network do to a communication +between a client and a server? + +\item Before starting a TCP connection, client and servers +perform a three-way handshake. Describe how can this three-way +handshake can be abused by an attacker? + \item Consider the following simple mutual authentication protocol: \begin{center} \begin{tabular}{ll} -$A \rightarrow B$: & $N_a$\\ -$B \rightarrow A$: & $\{N_a, N_b\}_{K_{ab}}$\\ -$A \rightarrow B$: & $N_b$\\ +$A \to B$: & $N_a$\\ +$B \to A$: & $\{N_a, N_b\}_{K_{ab}}$\\ +$A \to B$: & $N_b$\\ \end{tabular} \end{center} Explain how an attacker $B'$ can launch an impersonation attack by intercepting all messages for $B$ and make $A$ decrypt her own challenges. +\item What is the main problem with the following +authentication protocol where $A$ sends $B$ mutually +shared key? + +\begin{center} +$A \to B: K_{AB}$ +\end{center} + +\item Nonces are unpredicatble random numbers used in protocols? +Consider the following protocol + +\begin{center} +\begin{tabular}{ll} +$A \to B$: & $N$\\ +$B \to A$: & $\{N + 1\}_{K_{ab}}$\\ +\end{tabular} +\end{center} + +Write down three facts that $A$ can infer after this protocol has been +successfully completed? \item Before starting a TCP connection, client and servers perform a three-way handshake: @@ -35,6 +60,29 @@ How can this protocol be abused causing trouble on the server? +\item Write down a protocol which establishes a secret key +between $A$ and $B$ using a mutually trusted third party $S$. +You can assume $A$ and $S$, respectfully $B$ and $S$, share +secret keys. + +\item Consider the following protocol between a car and a +key transponder: + +\begin{enumerate} +\item $C$ generates a random number $r$ +\item $C$ calculates $(F,G) = \{r\}_K$ +\item $C \to T$: $r, F$ +\item $T$ calculates $(F',G') = \{r\}_K$ +\item $T$ checks that $F = F'$ +\item $T \to C$: $r, G'$ +\item $C$ checks that $G = G'$ +\end{enumerate} + +In Step 2 and 4 a message is split into two halves. Explain +what the purpose of this split is? + + + \end{enumerate} \end{document}